net: ip: Fix for improper offset return by net_pkt_find_offset()

The original packet's link-layer destination and source address can be
stored in separately allocated memory. This allocated memory can be
placed just after pkt data buffers.
When `net_pkt_find_offset()` uses the condition:
`if (buf->data <= ptr && ptr <= (buf->data + buf->len)) {`
the offset is set outside the packet's buffer and the function returns
an incorrect offset instead of an error code.
Finally, the offset is used to set the ll address in the cloned packet, and
this can have unexpected behavior (e.g. a crash when the cursor is set
to empty memory).

Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
Marcin Gasiorek 2024-03-05 13:44:39 +01:00 committed by Fabio Baltieri
parent d97cebd3ca
commit fb99f65fe9


@ -1817,7 +1817,7 @@ static int32_t net_pkt_find_offset(struct net_pkt *pkt, uint8_t *ptr)
buf = pkt->buffer;
while (buf) {
if (buf->data <= ptr && ptr <= (buf->data + buf->len)) {
if (buf->data <= ptr && ptr < (buf->data + buf->len)) {
ret = offset + (ptr - buf->data);
break;
}
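
Review bot: The new upper bound `ptr < (buf->data + buf->len)` needs a short comment in the loop saying why it is exclusive, because the reason (a separately allocated link-layer address can sit at exactly `buf->data + buf->len`) is only in the commit message and the old `<=` looks like a harmless one-past-the-end allowance to the next reader. Two things to confirm alongside it: first, with `<` a fragment whose `buf->len` is 0 can never match, and a pointer at the very end of the last fragment now falls through to the error return, so callers that pass such a pointer must handle the error value rather than feed it into `ret = offset + (ptr - buf->data)` style arithmetic downstream. Second, `buf->data <= ptr` still applies a relational operator to pointers that, per the commit message, may belong to different allocations, which standard C leaves undefined; comparing the values as `uintptr_t` would make the range check well defined. A regression test that passes an address located directly after the last data buffer and expects the error return would pin the behaviour down.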